CVE-2025-50251
Plane · Plane
A server-side request forgery (SSRF) vulnerability exists in Plane version 0.23.1, specifically within the password recovery functionality.
Executive summary
A critical SSRF vulnerability in Plane version 0.23.1 allows unauthenticated attackers to force the application to make unauthorized requests, potentially exposing internal resources.
Vulnerability
The vulnerability is a Server-Side Request Forgery (SSRF) located in the password recovery mechanism of the application. This flaw can be triggered by an unauthenticated attacker to interact with internal services or APIs that are not intended to be publicly accessible.
Business impact
Successful exploitation of this SSRF vulnerability poses a significant risk to the organization, as it may allow an attacker to bypass network perimeter defenses to scan internal networks or access sensitive metadata services. With a CVSS score of 9.1, this represents a critical threat to data confidentiality and internal infrastructure integrity. Unauthorized access to internal systems could lead to further compromise or data exfiltration.
Remediation
Immediate Action: Upgrade the Plane installation to the latest available version that addresses this SSRF vulnerability.
Proactive Monitoring: Review web server and application logs for suspicious outbound requests originating from the Plane server, particularly those targeting internal IP addresses or private network ranges.
Compensating Controls: Implement strict egress filtering on the host running the application to limit outbound connectivity to only necessary services and prevent unauthorized internal scanning.
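As an added example, not taken from this advisory or from the Plane project, the following Python script implements the log review step above: it scans outbound-request log lines and flags destinations in loopback, link-local (which covers the 169.254.169.254 cloud metadata address) or RFC 1918 private ranges. The log line layout and the `plane-api` service name are assumptions made for this example; Plane's actual logging format is not described on this page, and the sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample log lines. The "outbound method=... url=..." layout and
# the "plane-api" service name are assumptions for this example only.
SAMPLE_LOG = """\
2025-06-01T10:00:01Z plane-api outbound method=GET url=https://api.example.com/v1/status
2025-06-01T10:00:02Z plane-api outbound method=GET url=http://169.254.169.254/latest/meta-data/
2025-06-01T10:00:03Z plane-api outbound method=POST url=http://10.0.3.7:8080/admin
2025-06-01T10:00:04Z plane-api outbound method=GET url=http://[::1]:9200/_cat/indices
2025-06-01T10:00:05Z plane-api outbound method=GET url=http://localhost:5432/
2025-06-01T10:00:06Z plane-api outbound method=GET url=http://internal-wiki.corp/
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\S+) outbound method=(?P<method>\S+) url=(?P<url>\S+)$"
)


def classify_host(host):
    """Return a reason string if `host` is an internal destination, else None.

    Literal IPv4/IPv6 addresses are classified with the ipaddress module.
    A couple of well-known loopback names are flagged by name. Any other
    hostname returns None: deciding it requires DNS resolution, which this
    offline check does not perform (see the usage note below).
    """
    if host is None:
        return "no host in URL"
    if host.lower() in ("localhost", "localhost.localdomain"):
        return "loopback name"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # hostname, cannot be classified without resolving it
    if ip.is_unspecified:
        return "unspecified address"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local (cloud metadata range)"
    if ip.is_private:
        return "private range"
    return None


def find_suspicious(log_text):
    """Parse log lines and return (timestamp, url, reason) for internal targets."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an outbound-request line in the assumed format
        host = urlsplit(m.group("url")).hostname  # strips port and IPv6 brackets
        reason = classify_host(host)
        if reason:
            findings.append((m.group("ts"), m.group("url"), reason))
    return findings


if __name__ == "__main__":
    for ts, url, reason in find_suspicious(SAMPLE_LOG):
        print(f"{ts} {reason}: {url}")
```

Running the script on the constructed sample flags the metadata, private-range, IPv6 loopback and `localhost` requests and leaves the two hostname-based URLs alone. The `internal-wiki.corp` line shows the limit of an offline check: a hostname can resolve to an internal address, so a production version should resolve names (and compare against an allow-list of expected external destinations) rather than trust the literal host string.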
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the critical CVSS severity, administrators should prioritize patching the affected Plane instance immediately. If an immediate update is not feasible, restrict network access to the password recovery endpoint to known, trusted source IP addresses until a permanent remediation is applied.